<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>dblink_connect_u</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REV="MADE"
HREF="mailto:pgsql-docs@postgresql.org"><LINK
REL="HOME"
TITLE="PostgreSQL 9.1.2 Documentation"
HREF="index.html"><LINK
REL="UP"
TITLE="dblink"
HREF="dblink.html"><LINK
REL="PREVIOUS"
TITLE="dblink_connect"
HREF="contrib-dblink-connect.html"><LINK
REL="NEXT"
TITLE="dblink_disconnect"
HREF="contrib-dblink-disconnect.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="stylesheet.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=ISO-8859-1"><META
NAME="creation"
CONTENT="2011-12-01T22:07:59"></HEAD
><BODY
CLASS="REFENTRY"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="5"
ALIGN="center"
VALIGN="bottom"
><A
HREF="index.html"
>PostgreSQL 9.1.2 Documentation</A
></TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
TITLE="dblink_connect"
HREF="contrib-dblink-connect.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="dblink.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="60%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="20%"
ALIGN="right"
VALIGN="top"
><A
TITLE="dblink_disconnect"
HREF="contrib-dblink-disconnect.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><H1
><A
NAME="CONTRIB-DBLINK-CONNECT-U"
></A
>dblink_connect_u</H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN130817"
></A
><H2
>Name</H2
>dblink_connect_u&nbsp;--&nbsp;opens a persistent connection to a remote database, insecurely</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN130820"
></A
><H2
>Synopsis</H2
><PRE
CLASS="SYNOPSIS"
>dblink_connect_u(text connstr) returns text
dblink_connect_u(text connname, text connstr) returns text</PRE
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN130822"
></A
><H2
>Description</H2
><P
>    <CODE
CLASS="FUNCTION"
>dblink_connect_u()</CODE
> is identical to
    <CODE
CLASS="FUNCTION"
>dblink_connect()</CODE
>, except that it will allow non-superusers
    to connect using any authentication method.
   </P
><P
>    If the remote server selects an authentication method that does not
    involve a password, then impersonation and subsequent escalation of
    privileges can occur, because the session will appear to have
    originated from the user as which the local <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
>
    server runs.  Also, even if the remote server does demand a password,
    it is possible for the password to be supplied from the server
    environment, such as a <TT
CLASS="FILENAME"
>~/.pgpass</TT
> file belonging to the
    server's user.  This opens not only a risk of impersonation, but the
    possibility of exposing a password to an untrustworthy remote server.
    Therefore, <CODE
CLASS="FUNCTION"
>dblink_connect_u()</CODE
> is initially
    installed with all privileges revoked from <TT
CLASS="LITERAL"
>PUBLIC</TT
>,
    making it un-callable except by superusers.  In some situations
    it may be appropriate to grant <TT
CLASS="LITERAL"
>EXECUTE</TT
> permission for
    <CODE
CLASS="FUNCTION"
>dblink_connect_u()</CODE
> to specific users who are considered
    trustworthy, but this should be done with care.  It is also recommended
    that any <TT
CLASS="FILENAME"
>~/.pgpass</TT
> file belonging to the server's user
    <SPAN
CLASS="emphasis"
><I
CLASS="EMPHASIS"
>not</I
></SPAN
> contain any records specifying a wildcard host name.
   </P
><P
>    For further details see <CODE
CLASS="FUNCTION"
>dblink_connect()</CODE
>.
   </P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="contrib-dblink-connect.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="contrib-dblink-disconnect.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>dblink_connect</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="dblink.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>dblink_disconnect</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>